Standing Agenda

Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
Suggest additions or changes to roadmaps
Detailed discussion of features or outstanding issues as time permits
Additional Items
Upcoming events, OOO/travel, etc.

Agenda 07-11-13

Welcome Christoph
Q2 Goals Postmortem (see below)
[PT] I'll be SF/MTV next week to interview candidate - come have lunch in MTV on tuesday if you want!
[PT] FWIW - Q3 FFOS goals for our team: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdC1OZ0VoTEc1UnhzT2ljRnQ3b19XTFE#gid=1
CSP, Mixed Content can break Bookmarklets - https://bugzilla.mozilla.org/show_bug.cgi?id=866522, https://bugzilla.mozilla.org/show_bug.cgi?id=886663
- bsmith - suggest we don't worry about it. for mixed content it's just dangerous.
- grobinson - users trust them; but probably not worth spending a lot of time on (lower priority). would be difficult to implement an exception for bookmarklets. how do we identify the bookmarklet loads?

[MISS] land the application reputation scanning tool bug 662819 (mmc)
- issues with Download Manager
- need more people from our team working on it
[DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
- evangelizing internally key (still faced a lot of backlash from release)
- QA (thanks Matt!) [LIKE]
- working with Chrome security team (we should continue to do this)
- at one point we were going to land in 21, ended up in 23. This caused communication issues (telemetry) between the different release managers for the different releases.
- Future goals could already be there - couldn't, too busy working more like a Project Manager. This will happen more as we take on more ambitious projects.
- https://bugzilla.mozilla.org/show_bug.cgi?id=843977
- https://bugzilla.mozilla.org/show_bug.cgi?id=844556
- https://bugzilla.mozilla.org/show_bug.cgi?id=843977
- Telemetry : https://bugzilla.mozilla.org/show_bug.cgi?id=781018

[DONE] land OCSP stapling support and tests (keeler)
- Non-controversial, not user facing. Buy-in from outside the team.
- Slow review cycles :(
- https://bugzilla.mozilla.org/show_bug.cgi?id=700693

[DONE] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
- Documentation people were supportive and did a lot of work
- As long as you stay on top and contact them early, it's easily managable in a quarter
[DROP] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
- Guillame's patch
- A lot of support for sandboxing from inside the organization
- Problem: no unified plan. Instead, a series of plans that were shot down/debated. Really hard to reach consensus on a first pass.
- https://wiki.mozilla.org/Electrolysis/Roadmap
- https://bugzilla.mozilla.org/show_bug.cgi?id=790923
[MISS] Deploy pilot cookie study and publish results. (ddahl)
- Pretty much done... but never got the data. "Strange" communication problem with the metrics team. ddahl blames himself. Everything else is ready for when the data finally appears.

Big Trends:

Q3 - for our Q3 goals we tried to figure out what other teams need to be involved. We can update the team dependencies on our Q3 goals next week.